Physical credit and debit cards have a number, usually 12-16 digits, which identify the card holder's account. This number is commonly referred to as the “PAN,” which stands for “primary account number.”
Financial institutions have begun asking for schemes that create a pool of temporary PANs that are assigned, used for a few times, than ‘cooled off’ and perhaps later reused. These temporary PANs are “physically” mapped in memory back to consumers' legacy card PAN on a one-to-one basis. A consumer may then use the temporarily assigned PAN in a purchase transaction. After the temporary PAN is input at the point of sale, the legacy card PAN is subsequently substituted for the temporary PAN—using a memory lookup—before the pending transaction is finally put through the legacy authorization process.
As these uses of temporary PANs grow, the need to store the one-to-one correlation mapping of temporary PANs to legacy card PAN will create a variety of problems for the industry. Among those potential problems will be the need for larger, more complex storage systems to hold the growing number of temporary PANs and the increased processor power necessary to search for and substitute legacy PANs for temporary PANs.
In a slightly different approach, some companies assign temporary PANs to electronic devices that stay fixed for the lifetime of the device, but the temporary PAN is still mapped back to the legacy consumer card PAN. Similarly, other third-party providers have bank-issued, mobile-device specific PANs, which stay fixed for the lifetime of the device and may not need any mapping during transaction processing. However, neither of these solutions provides the added security available with temporary PANs.
A system and method that can provide the security of temporary PANs without exponentially increasing the memory and processor requirements of the overall system would be desirable.